> From: Ondřej Surý [mailto:ond...@sury.org]
>
> On Tue, Oct 21, 2014, at 10:55, Fiedler Roman wrote:
> > > From: Ondřej Surý [mailto:ond...@sury.org]
> > >
> > > Hi,
> > >
> > > TL;DR: "s/touch -c/touch -c -h/", right?
> >
> > This will fix it for arbitrary symlinks, the only remaining issues would
> > be
> >
> > a) keeping open a file ".. xxxx", which will update the parent directory
> > modification time.
>
> Which parent directory? The session dir or the symlink target parent
> directory?
The /var/lib directory: Since the parsing of the lsof output is broken (awk uses "$9"), an open file ".. xxxx" will cause touch -c "/var/lib/php5/.." without involving any symlinks.

> > b) keeping open a file "[otherfilename] [random]", which will prevent
> > arbitrary other sessions from timing out. Since most likely malicious
> > process should be "www-data", this is not of any significance.
>
> The httpd user (www-data) has access to all session files if the
> attacker knows the session name.

Yes, so no relevance with "www-data". But e.g. user "nobody" could prevent any "www-data" session from timing out when knowing the name, just a subtle annoyance.
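The "$9" parse problem and the proposed `touch -c -h` fix, as an added shell example that is not code from the thread or from the Debian php5 package: both lsof listings are constructed samples, and `refresh_session` is a hypothetical hardened helper, not the package's own script.

```shell
#!/bin/sh
# Added example (not the Debian cron helper): why a column-based parse of lsof
# output breaks on file names containing spaces, and a hardened per-file refresh.

# Constructed sample of default (columnar) lsof output. The NAME column is
# whitespace-split like every other column, so ".. xxxx" loses its second word.
LSOF_COLUMNS='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php5-fpm 1234 www-data 5u REG 8,1 64 99 /var/lib/php5/sess_abc
php5-fpm 1235 www-data 6u REG 8,1 64 98 /var/lib/php5/.. xxxx'

# Constructed sample of the same listing in lsof field mode (lsof -F n): one
# field per line, prefixed by a letter, and the whole name sits on an "n" line.
LSOF_FIELDS='p1234
f5
n/var/lib/php5/sess_abc
p1235
f6
n/var/lib/php5/.. xxxx'

# The fragile parse discussed in the thread: awk prints the 9th field only,
# so the last entry comes out as "/var/lib/php5/..".
names_by_column() {
    printf '%s\n' "$LSOF_COLUMNS" | awk 'NR > 1 { print $9 }'
}

# Robust parse: strip the "n" prefix and keep the rest of the line verbatim.
names_by_field() {
    printf '%s\n' "$LSOF_FIELDS" | sed -n 's/^n//p'
}

# Hardened refresh of one name taken from the listing (hypothetical helper).
# The name is touched only if it is a direct child of the session dir ($1) and
# a regular file that is not a symlink; touch -c -h (the fix proposed in the
# thread) stays as a backstop so a symlink is never followed anyway.
refresh_session() {
    dir=$1; name=$2
    case $name in
        "$dir"/*) ;;
        *) return 1 ;;              # not inside the session directory at all
    esac
    case ${name#"$dir"/} in
        */*) return 1 ;;            # nested path component, not a direct child
    esac
    # -f rejects directories such as "$dir/.."; -f follows symlinks, so ! -L
    # is needed to reject a link to a file outside the session directory.
    [ -f "$name" ] && [ ! -L "$name" ] || return 1
    touch -c -h -- "$name"
}

# Usage: names_by_field | while IFS= read -r f; do refresh_session /var/lib/php5 "$f"; done
```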